mounting nfs as httpd_sys_content_t under selinux
Johnny Tan
linuxweb at gmail.com
Tue Dec 11 21:36:53 UTC 2007
Johnny Tan wrote:
>> On Mon, 2007-12-10 at 12:24 -0500, Eric Paris wrote:
>>> You might get what you want with the nosharecache mount option i
>>> mentioned, if adding that to both mounts doesn't help, yeah, you are
>>> stuck, sorry.
>
> I did add this option, but it's hard to tell right now whether it
> because we are also disallowing from httpd side. I'll have to wait for
> another downtime to test this.
nosharecache seems to have done the trick!
"ls -Z" shows the correct context (previously, it showed the
same context for both, even though one wasn't mounted with
that context). And httpd gets denied in attempts to look at
the one that wasn't mounted with the httpd_sys_content_t
context.
Thanks!
johnn
More information about the fedora-selinux-list
mailing list